Back to skill

Security audit

MantisBT Manager

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate MantisBT administration helper, but it gives an agent broad power to delete data, manage users and tokens, and impersonate users without enough built-in safety guidance.

Install only if you intend to let an agent administer a real MantisBT instance. Use the least-privilege API token possible, avoid broad administrator tokens unless required, keep tokens out of chat and logs, and require explicit human confirmation before deletes, password resets, token creation or revocation, impersonation, configuration changes, or cross-instance changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The skill explicitly supports impersonation via a temporary header, allowing operations to be performed as another user if the backing token has sufficient privileges. Even if intended for legitimate administration, this materially expands the blast radius of the skill and can enable unauthorized access, audit confusion, or abuse if a user or agent invokes it without strict authorization controls.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The skill documents creation and deletion of API tokens for other users, which is a privileged credential-management function that can grant persistent access as another account. If misused by an agent or exposed to untrusted prompts, it could create backdoor credentials, revoke legitimate access, or facilitate long-term account compromise across the Mantis instance.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
A dedicated impersonation feature advertises acting as another user through the X-Impersonate-User header, normalizing a highly sensitive administrative action in a general management skill. This increases the chance that an agent will perform actions under another identity, bypass least-privilege expectations, or expose data associated with other users.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README explicitly documents high-risk capabilities such as configuration changes, password resets, token generation, permissions management, and user impersonation, but provides little to no prominent warning, authorization guidance, or operator confirmation requirements around these actions. In an agent skill context, documentation shapes how the agent may invoke powerful API operations, so under-emphasizing destructive or privileged actions increases the chance of accidental misuse or unsafe automation.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill includes destructive administrative operations such as deleting issues, projects, users, attachments, notes, tokens, and configuration changes without prescribing confirmation, preview, or rollback safeguards. In an agentic setting, this raises the risk of accidental or prompt-induced destructive actions that could cause data loss or service disruption.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.